dotfiles/nixos-config
1
0
Fork 0
mirror of https://github.com/srid/nixos-config.git synced 2026-04-17 17:55:17 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions
nixos-config/docs/TAILSCALE-WIRED.md
Sridhar Ratnakumar 0e0d14b20c add docs
2026-03-22 11:39:51 -04:00

2.6 KiB
Raw Permalink Blame History

Tailscale & Network Interface Selection on pureintent

pureintent has both ethernet (enp1s0) and wifi (wlp2s0) enabled on the same LAN subnet (192.168.2.0/24). Linux uses route metrics to decide which interface handles outbound traffic — lower metric = lower cost = preferred.

Interface Overview

Interface Type IP Metric Tailscale IP
enp1s0 Ethernet 192.168.2.43 100
wlp2s0 WiFi 192.168.2.134 600
tailscale0 Tunnel 100.122.32.106 100.122.32.106

How It Works

When multiple default routes exist, the kernel picks the one with the lowest metric. NetworkManager assigns ethernet a lower metric (100) than wifi (600) by default.

This means:

  • Ethernet is always preferred when both are connected.
  • Tailscale peers connecting remotely (e.g. from a coffee shop) reach pureintent via its Tailscale IP. The Tailscale daemon (tailscaled) sends/receives its tunnel traffic (WireGuard UDP) through the default route — ethernet.
  • If ethernet is unplugged, the kernel automatically falls back to wifi (next lowest metric).

Routing Table

default via 192.168.2.1 dev enp1s0 proto dhcp src 192.168.2.43 metric 100
default via 192.168.2.1 dev wlp2s0 proto dhcp src 192.168.2.134 metric 600

Both routes point to the same gateway (192.168.2.1), but the metric decides which wins.

Connection Types

When a remote peer runs tailscale ping, the response reveals the connection type:

  • Direct (via <ip>:<port>) — UDP hole-punch succeeded; traffic flows peer-to-peer. Low latency (~4ms on LAN).
  • DERP relay (via DERP(xxx)) — NAT traversal failed; traffic is relayed through Tailscale's servers. Higher latency.

Example direct connection:

pong from pureintent (100.122.32.106) via 192.168.2.43:41641 in 4ms

The 192.168.2.43 confirms traffic is arriving on the ethernet interface.

Verification Commands

# Check which interface a Tailscale connection uses
tailscale ping <tailscale-ip>

# View route metrics (lower = preferred)
ip route

# See real-time per-interface byte counters
ip -s link show enp1s0
ip -s link show wlp2s0

# Watch live traffic on a specific interface
iftop -i enp1s0

# Check Tailscale peer status (direct vs relayed)
tailscale status

# Inspect active Tailscale connections
ss -tunp | grep tailscale

References